A declarative and type-safe model & validation library for TypeScript. YAVL lets you define field dependencies, conditional validations, default values, and metadata annotations in a single model definition — with full compile-time type safety.
Key features include incremental validation (only re-validates changed data), support for complex nested and array structures, conditional logic via when, a powerful annotation system, and default value resolution with circular dependency detection. YAVL is framework-agnostic and works on both client and server.
| Package | npm | Description |
|---|---|---|
@smartlyio/yavl |
 |
Core model & validation library |
@smartlyio/yavl-hooks |
 |
React hooks for YAVL |
- Open a PR and add a label (
patch/minor/major/no-release) - Wait for CI checks to pass (label validation, npm token check)
- Get your PR approved
- Merge — all packages are automatically versioned and published to npm
Note: The npm token expires every 90 days. If the token check fails, follow the NPM token rotation instructions.
This project uses Lerna in fixed version mode with GitHub Actions for automated versioning and publishing. All packages (@smartlyio/yavl, @smartlyio/yavl-hooks) are versioned together — a change in any package bumps all packages to the same version.
The release process is driven entirely by PR labels. Contributors do not need to run any versioning or publishing commands.
- Open a pull request with your changes against
master. - Add a release label to the PR:
patch,minor, ormajor.patch— bug fixes, small non-breaking changesminor— new features, non-breaking additionsmajor— breaking changesno-release— changes that should not trigger a release (docs, CI, refactors)
- The label is required. A CI check will block merging if no release label is set.
- Merge the PR. That's it — the rest is fully automated.
After merge, a GitHub Action automatically:
- Determines the bump type from the PR label
- Bumps all package versions via
lerna version(fixed mode) - Commits the version bump to
masterwith the PR titles as a release log - Publishes each package to npm via
npm publish(idempotent — safe to re-run) - Creates and pushes a
v{VERSION}git tag
If multiple PRs are merged between releases, the highest bump type wins (major > minor > patch) and all PR titles are included in the version commit.
| Check | What it does |
|---|---|
| Release Label Check | Fails if no release label is set. Ensures exactly one of patch, minor, major, or no-release is present. |
| NPM Token Check | Verifies the npm publish token is valid and not about to expire. Fails if expired or expiring within 14 days; warns at 30 days. |
The npm publish token (NPM_TOKEN) expires every 90 days. The NPM Token Check workflow catches this early, during PR review rather than at publish time.
When rotating the token:
- Go to npmjs.com token settings
- Generate a new Automation token with publish access
- Update the
NPM_TOKENrepository secret - Update the
NPM_TOKEN_EXPIRYrepository variable with the new expiration date (YYYY-MM-DD format)